Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/4Dd_oz2TtpOXQBrGavmGYMPXNlw.roa
File:                     4Dd_oz2TtpOXQBrGavmGYMPXNlw.roa (raw, json)
Hash identifier:          lEaJsZdsULkNE5Gu41TR5VUrs6XkOuSkB/MqNMbSRqE=
Subject key identifier:   E0:37:7F:A3:3D:93:B6:93:97:40:1A:C6:6A:F9:86:60:C3:D7:36:5C
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       019420D64CB7AD8B0A0EC005AC133F82F731
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/4Dd_oz2TtpOXQBrGavmGYMPXNlw.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60446
IP address blocks:        2.59.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4c:b7:ad:8b:0a:0e:c0:05:ac:13:3f:82:f7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0377fa33d93b69397401ac66af98660c3d7365c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:93:2d:bc:84:ec:43:10:1b:3b:aa:6b:4b:fe:
                    36:54:b9:bf:aa:5a:60:f7:50:31:26:46:69:01:0f:
                    b0:76:c6:a3:81:92:82:27:45:72:7f:b0:89:e2:d4:
                    89:5f:f9:c9:3e:b1:c3:6d:9d:95:4a:df:8c:c5:1d:
                    b9:3a:56:12:ac:82:e8:6f:32:37:0e:85:cc:e3:dc:
                    2d:b6:f7:8b:25:c5:4e:ea:8b:35:22:d2:44:8b:0d:
                    64:d7:0f:f4:88:0e:5d:a9:49:ed:d1:d1:b6:47:9f:
                    d7:33:eb:49:c7:f8:35:23:d8:4e:06:9c:49:5c:0f:
                    5f:5f:32:a5:e1:30:d4:52:cb:7f:e9:ba:19:d2:d6:
                    52:21:7f:d2:1e:19:69:57:ef:dd:98:ed:4e:31:9c:
                    c8:26:aa:44:fa:15:74:9b:fa:1a:52:9d:c1:51:2d:
                    6a:34:94:19:3a:b3:ca:89:fc:91:87:ff:6e:6c:e7:
                    39:ee:71:3e:b7:18:d3:69:e0:28:d5:fc:f3:9f:f2:
                    42:8d:d5:62:c4:65:17:b8:60:02:63:82:3d:77:5a:
                    88:40:67:3a:f1:bf:0e:35:fd:c2:ec:61:3c:61:d1:
                    a4:f2:5e:aa:5b:3b:28:f6:e7:09:18:7e:aa:ce:6e:
                    85:b8:58:f3:61:b6:8d:85:6c:40:30:85:64:32:86:
                    2b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:37:7F:A3:3D:93:B6:93:97:40:1A:C6:6A:F9:86:60:C3:D7:36:5C
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/4Dd_oz2TtpOXQBrGavmGYMPXNlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ae:40:14:b5:6a:17:03:2a:66:1f:3a:ca:86:07:5a:a3:20:
         1b:91:31:e0:3d:38:0b:19:29:a4:a3:d4:ac:65:e9:c1:2d:4d:
         a5:1c:a0:03:2c:c1:c2:b4:97:2b:51:fe:27:bd:e3:93:45:dc:
         15:41:e9:df:b3:f7:78:1b:5f:87:45:7e:d2:a6:33:2e:9c:93:
         82:dc:8b:bb:16:72:ce:7b:c0:c4:04:d0:78:ec:4a:8d:14:95:
         d4:64:f0:24:35:c6:b3:60:53:3f:0e:ec:81:70:71:9a:44:31:
         dc:86:ba:c1:82:66:5c:e8:71:56:f0:f7:16:06:3c:8e:57:76:
         ed:91:ac:70:e1:ec:c2:1c:2f:7e:24:c6:e9:58:72:78:65:a4:
         c7:05:fe:27:c6:46:ab:ca:e9:3f:a0:ee:38:b5:fa:a6:ad:b2:
         ce:75:da:05:f9:61:c7:5b:56:f5:33:29:8d:37:c4:27:92:fb:
         cb:5c:64:d6:33:26:8d:35:53:7a:c0:6b:11:2f:9f:a8:e6:4a:
         00:9f:90:68:a1:c0:ee:06:27:46:03:bb:06:27:d9:7a:fd:16:
         1c:45:dd:21:61:30:73:76:56:0c:68:f8:28:dd:a9:e2:78:b5:
         d8:9b:cd:2c:89:2d:82:ea:14:7f:fb:ed:58:80:7e:24:fa:33:
         0b:1e:39:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ky3rYsKDsAFrBM/gvcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM3N2ZhMzNkOTNiNjkzOTc0MDFhYzY2YWY5ODY2MGMzZDczNjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZMtvITsQxAbO6prS/42VLm/qlpg
91AxJkZpAQ+wdsajgZKCJ0Vyf7CJ4tSJX/nJPrHDbZ2VSt+MxR25OlYSrILobzI3
DoXM49wttveLJcVO6os1ItJEiw1k1w/0iA5dqUnt0dG2R5/XM+tJx/g1I9hOBpxJ
XA9fXzKl4TDUUst/6boZ0tZSIX/SHhlpV+/dmO1OMZzIJqpE+hV0m/oaUp3BUS1q
NJQZOrPKifyRh/9ubOc57nE+txjTaeAo1fzzn/JCjdVixGUXuGACY4I9d1qIQGc6
8b8ONf3C7GE8YdGk8l6qWzso9ucJGH6qzm6FuFjzYbaNhWxAMIVkMoYrVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA3f6M9k7aTl0Aaxmr5hmDD1zZcMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvNERkX296MlR0cE9YUUJyR2F2bUdZTVBYTmx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjt3MA0G
CSqGSIb3DQEBCwUAA4IBAQAnrkAUtWoXAypmHzrKhgdaoyAbkTHgPTgLGSmko9Ss
ZenBLU2lHKADLMHCtJcrUf4nveOTRdwVQenfs/d4G1+HRX7SpjMunJOC3Iu7FnLO
e8DEBNB47EqNFJXUZPAkNcazYFM/DuyBcHGaRDHchrrBgmZc6HFW8PcWBjyOV3bt
kaxw4ezCHC9+JMbpWHJ4ZaTHBf4nxkaryuk/oO44tfqmrbLOddoF+WHHW1b1MymN
N8QnkvvLXGTWMyaNNVN6wGsRL5+o5koAn5BoocDuBidGA7sGJ9l6/RYcRd0hYTBz
dlYMaPgo3anieLXYm80siS2C6hR/++1YgH4k+jMLHjl6
-----END CERTIFICATE-----